Trouble with Guardian JWT Config

I’m trying to set up Guardian to work with Phoenix and Ldap. I seem to be stuck with some configuration. My Guardian config looks roughly like this:

    config :guardian, Guardian,
      allowed_algos: ["HS512"],
      verify_module: Guardian.JWT,
      issuer: "Issuer",
      ttl: {30, :days},
      verify_issuer: true,
      secret_key: <MY KEY>,
      serializer: MyApp.Auth.GuardianSerializer

I have a SessionController where I’m hitting Ldap and then doing something like this:

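    # In the controller action: check the credentials against Ldap first.
    case Ldap.authenticate(username, password) do
      :ok -> handle_sign_in(conn, username)
      _   -> handle_error(conn)
    end

    # Body of handle_sign_in(conn, username): load the user and sign in with Guardian.
    {:ok, user} = lookup_user(username)

    conn
    |> put_flash(:info, "Logged in.")
    |> MyApp.Auth.Guardian.Plug.sign_in(user)
    |> redirect(to: "/")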

The Ldap portion is working fine, but I keep getting this error from Guardian:

    Request: POST /sign_in
    ** (exit) an exception was raised:
        ** (RuntimeError) No secret key configured for JWT
            (guardian) lib/guardian/token/jwt.ex:319: Guardian.Token.Jwt.fetch_secret/2
            (guardian) lib/guardian/token/jwt.ex:163: Guardian.Token.Jwt.create_token/3
            (guardian) lib/guardian.ex:754: Guardian.returning_tuple/1
            (guardian) lib/guardian.ex:581: Guardian.encode_and_sign/4
            (guardian) lib/guardian/plug.ex:172: Guardian.Plug.sign_in/5
            (infrared) lib/myapp_web/controllers/session_controller.ex:23: MyAppWeb.SessionController.handle_sign_in/2
            (infrared) lib/myapp_web/controllers/session_controller.ex:1: MyAppWeb.SessionController.action/2
            (infrared) lib/myapp_web/controllers/session_controller.ex:1: MyAppWeb.SessionController.phoenix_controller_pipeline/2
            (infrared) lib/myapp_web/endpoint.ex:1: MyAppWeb.Endpoint.instrument/4
            (phoenix) lib/phoenix/router.ex:278: Phoenix.Router.__call__/1
            (infrared) lib/myapp_web/endpoint.ex:1: MyAppWeb.Endpoint.plug_builder_call/2
            (infrared) lib/plug/debugger.ex:99: MyAppWeb.Endpoint."call (overridable 3)"/2
            (infrared) lib/myapp_web/endpoint.ex:1: MyAppWeb.Endpoint.call/2
            (plug) lib/plug/adapters/cowboy/handler.ex:15: Plug.Adapters.Cowboy.Handler.upgrade/4

I can’t tell if this is a config issue on my side or a bug. Any help would be much appreciated.

1 Like

Can’t tell for sure since you obviously had to blank out your key, but maybe you haven’t generated one in the format they need and added it to config. Did you already follow the instructions here first? https://hexdocs.pm/jose/key-generation.html

I used a file at first and then went to keep it in config, so after generating a valid key the config option simply looked like so:

    secret_key: %{
      "k" => "supersecretimportantkey",
      "kty" => "oct"
    },

Let me know if I can help you test anything if that turns out to be useless. Happy to help and have a working setup atm.

2 Likes

Looks like my problem was two-fold.

  1. I wasn’t generating my key right. Thanks for pointing me in the right direction there.
  2. I didn’t set otp_app: :someapp correctly in my module. What I named it didn’t match my config, silly mistake.

Thanks for the help! That got me moving forward for now.

1 Like
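The two fixes reported above, as an added example that is not code from any poster in this thread or from the Guardian project: the config block is keyed by the same app name and module that `use Guardian, otp_app: ...` names, and the secret comes from the environment rather than the source tree. The app name `:my_app`, the `GUARDIAN_SECRET_KEY` variable, `MyApp.Accounts.get_user/1` and `check_secret!/0` are assumptions, as is an Elixir version that supports `config/runtime.exs`.

```elixir
# config/runtime.exs (added example; :my_app is an assumed application name)
import Config

# The app name and module here must match `use Guardian, otp_app: ...` below.
# A block filed under any other pair, such as `config :guardian, Guardian, ...`,
# is never read by this module, so sign_in raises "No secret key configured for JWT".
config :my_app, MyApp.Auth.Guardian,
  issuer: "my_app",
  allowed_algos: ["HS512"],
  ttl: {30, :days},
  verify_issuer: true,
  # Assumed env var; fetch_env! aborts boot when it is unset and keeps the key out of the repo.
  secret_key: System.fetch_env!("GUARDIAN_SECRET_KEY")

# lib/my_app/auth/guardian.ex
defmodule MyApp.Auth.Guardian do
  use Guardian, otp_app: :my_app

  def subject_for_token(%{id: id}, _claims), do: {:ok, to_string(id)}
  def subject_for_token(_resource, _claims), do: {:error, :no_subject}

  def resource_from_claims(%{"sub" => id}) do
    # MyApp.Accounts.get_user/1 is a hypothetical lookup returning a user or nil.
    case MyApp.Accounts.get_user(id) do
      nil -> {:error, :resource_not_found}
      user -> {:ok, user}
    end
  end

  def resource_from_claims(_claims), do: {:error, :no_subject}

  # Hypothetical startup check (call it from Application.start/2): fail at boot,
  # not on the first POST /sign_in. RFC 7518 requires an HS512 key of at least
  # 512 bits: 64 raw bytes, or 86 base64url characters in the "k" of an oct JWK.
  def check_secret! do
    case config(:secret_key) do
      key when is_binary(key) and byte_size(key) >= 64 -> :ok
      %{"kty" => "oct", "k" => k} when is_binary(k) and byte_size(k) >= 86 -> :ok
      # The message deliberately omits the configured value so it never reaches logs.
      _ -> raise ArgumentError, "secret_key for #{inspect(__MODULE__)} is missing or too short for HS512"
    end
  end
end
```

A key of suitable length can be produced with `mix guardian.gen.secret` or with the JOSE key-generation steps linked earlier in the thread.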